First published: Fri Nov 06 2020
A vulnerability in virtualization channel messaging in Cisco Webex Meetings Desktop App for Windows could allow a local attacker to execute arbitrary code on a targeted system. This vulnerability occurs when the app is deployed in a virtual desktop environment and is using virtual environment optimization. The vulnerability is due to improper validation of messages processed by the Cisco Webex Meetings Desktop App. A local attacker with limited privileges could exploit this vulnerability by sending malicious messages to the affected software through the virtualization channel interface. A successful exploit could allow the attacker to modify the underlying operating system configuration, which could allow the attacker to execute arbitrary code with the privileges of a targeted user. Note: This vulnerability can be exploited only when Cisco Webex Meetings Desktop App is in a virtual desktop environment on a hosted virtual desktop (HVD) and is configured to use the Cisco Webex Meetings virtual desktop plug-in for thin clients.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Webex Meetings | <40.6.9 | |
Cisco Webex Meetings | >=40.8.0 <40.8.9 | |
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-vdi-qQrpBwuJ
The vulnerability ID for this vulnerability is CVE-2020-3588.
CVE-2020-3588 has a severity rating of 7.8 (High).
A local attacker can exploit CVE-2020-3588 to execute arbitrary code on a targeted system.
Cisco Webex Meetings Desktop App for Windows versions earlier than 40.6.9, and versions from 40.8.0 up to but not including 40.8.9, are affected.
Yes, Cisco has released a security advisory with remediation steps for CVE-2020-3588. Please refer to the Cisco Security Advisory for more information.
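To triage an inventory against the affected ranges and the HVD plug-in precondition stated above, a check along these lines can be used. This is an added example, not code from Cisco or from this page; the host names, the inventory layout and the `vdi_plugin` flag are constructed for illustration.

```python
# Added example. Ranges are copied from this page's "Affected Version" column
# as half-open intervals: lower bound inclusive, upper bound exclusive.
AFFECTED_RANGES = [("0", "40.6.9"), ("40.8.0", "40.8.9")]

def parse_version(text, width=4):
    """Turn '40.6.8' or '40.6.8.15' into a zero-padded tuple of ints.

    Comparing tuples of ints avoids the string-comparison trap where
    '40.10.3' sorts before '40.8.9'.
    """
    parts = text.strip().split(".")
    if len(parts) > width or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (width - len(nums)))

def is_affected(version_text):
    """True if the version falls inside one of the page's affected ranges."""
    v = parse_version(version_text)
    return any(parse_version(lo) <= v < parse_version(hi)
               for lo, hi in AFFECTED_RANGES)

def triage(inventory):
    """Map each host to a status, honouring the HVD plug-in precondition."""
    result = {}
    for host, (version, vdi_plugin) in inventory.items():
        try:
            affected = is_affected(version)
        except ValueError:
            result[host] = "check manually"      # version could not be parsed
            continue
        if not affected:
            result[host] = "not in affected range"
        elif vdi_plugin:
            result[host] = "exposed"             # affected build + VDI plug-in
        else:
            result[host] = "affected build, precondition not met"
    return result

# Constructed sample inventory: host -> (app version, VDI plug-in configured?)
SAMPLE_INVENTORY = {
    "hvd-01": ("40.6.8.15", True),
    "hvd-02": ("40.8.8", False),
    "hvd-03": ("40.8.9", True),
    "hvd-04": ("40.10.3", True),
    "hvd-05": ("unknown", True),
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```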